0

I have a custom logout page. When user clicks logout this page is reached (and logout status is saved in database). There is no login mechanism. If a user tries in a new window he is allowed to view the page and logout status is changed as logged In.

Once logged out, when user is clicking back button (from logout page), it should not allow user to view previous page.

Similarly: When user access a page, the time is stored. When he is idle for 20 min and attempt an operation he will be redirected to session timed out. He should not be able to view previous page on back button click.

Currently in each page I am checking the database status and redirecting to logged out page again if status is logged out. But it causes the page to load first and then do validation in javascript and then redirect. Is there a better way to handle this?

Note: I am posting it as a new question based on the comment in Clear browser history

        $.ajax(
        {
            type: "POST",
            url: "LogOut.aspx/GetActiveIndicatorStatus",
            data: '{"empID": "' + empID + '"}',
            contentType: "application/json; charset=utf-8",
            dataType: "json",
            success: navigateBasedOnStatus

        }
        );


//Helper Function
function navigateBasedOnStatus(result) {


    if (result.hasOwnProperty("d")) {
        result = result.d
    }

    //alert($.trim(result));

    if ($.trim(result) == "LoggedOUT") {

        window.location.href("LogOut.aspx");
    }
    else 
    {
        contentHolderDiv.css("display", "block");
    }


}

REFERENCE:

  1. Clear browser history
  2. Dynamically add href on <a>
Community
  • 1
  • 1
LCJ
  • 22,196
  • 67
  • 260
  • 418
  • 2
    I don't understand the mechanism. There's no explicit login, but you can logout? And the user is automatically logged back in when visiting a new site? That sounds very unorthodox and error prone any way you look at it... Not to mention that Javascript should have no part in dealing with logins/outs either. – deceze Nov 08 '12 at 09:50
  • @deceze When user access a page, the time is stored. When he is idle for 20 min and attempt an operation he will be redirected to session timed out. He should not be able to view previous page on back button click. – LCJ Nov 08 '12 at 09:51

1 Answers1

2

Scenario 1: don't Ajax:

If you are on the page the user may not see again, 

window.location.replace("LogOut.aspx/GetActiveIndicatorStatus?empID="+empID)

will replace the page you are on with whatever you return.

Scenario 2: replace in the result:

if ($.trim(result) == "LoggedOUT") {

    window.location.replace("LogOut.aspx");
}
else 
{
    contentHolderDiv.css("display", "block");
}
mplungjan
  • 169,008
  • 28
  • 173
  • 236
  • Suppose the user has first reached page1, then page2. The user clicked Logout from page2. Consider I used REPLCAE on logout click. Still the user will be able to go back to pag1; though not page2. Is there any solution for this? – LCJ Nov 08 '12 at 11:11
  • From page1 use location.replace("page2...") then there is no page1 in history and logout from page2 will replace that page too – mplungjan Nov 08 '12 at 12:33